CloudTrail Expands Again – More Regions, More Services, Cool Partners
AWS CloudTrail records the API calls made in your AWS account and publishes the resulting log files to an Amazon S3 bucket in JSON format, with optional notification to an Amazon SNS topic each time a file is published.
Today I’m writing to provide you with more information on new releases from CloudTrail and to share some really cool tools and use cases that have been implemented by some of the CloudTrail Partners.
Effective immediately, CloudTrail is now available in three more AWS Regions. Here is the complete list:
- US East (Northern Virginia)
- US West (Northern California)
- US West (Oregon)
- Asia Pacific (Sydney)
- EU (Ireland)
- Asia Pacific (Tokyo) – New!
- Asia Pacific (Singapore) – New!
- South America (São Paulo) – New!
The Big Picture, Once More
Here’s the latest and greatest version of the diagram that I first presented when we launched CloudTrail:
Logentries and CloudTrail
Logentries is designed to make business insights from machine-generated log data easily accessible to development, IT, and business operations teams of all sizes. The Logentries architecture is designed to manage and provide insights into huge amounts of data across their diverse, global user community. You can sign up for a free Logentries trial and be up and running within minutes.
The Logentries team shared a cool, security-oriented use case that is made possible by their integration with AWS CloudTrail (read the Logentries CloudTrail Integration Documentation to learn more). Logentries provides pre-defined queries for important events so that you do not have to write complex queries. Additionally, Logentries provides out-of-the-box tagging and alerting to highlight important security events and notify you when they take place. For example, you can get notified via email or iPhone alert, or you can have a message sent to a third-party service or API such as PagerDuty, HipChat, or Campfire when any of the following occur:
- EC2 Security Group created, deleted, or edited
- New IAM user is created
- User’s IAM permissions are changed
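To make the three alert conditions above concrete, here is an added example (not code from Logentries or AWS) that scans a CloudTrail log file, a JSON document with a top-level `Records` array, and flags matching events. The mapping of API action names to categories, the helper `_rec`, and the sample records are assumptions constructed for illustration.

```python
import json

# Real EC2/IAM API action names; grouping them into these three alert
# categories is this example's assumption, not a Logentries rule set.
RULES = {
    "security_group_change": [
        "CreateSecurityGroup", "DeleteSecurityGroup",
        "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
        "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress"],
    "iam_user_created": ["CreateUser"],
    "iam_permissions_changed": [
        "PutUserPolicy", "DeleteUserPolicy", "AttachUserPolicy",
        "DetachUserPolicy", "AddUserToGroup", "RemoveUserFromGroup"],
}
CATEGORY = {name: cat for cat, names in RULES.items() for name in names}
SOURCES = {"ec2.amazonaws.com", "iam.amazonaws.com"}

def find_alerts(log_text):
    """Return one alert per matching record of a CloudTrail log file."""
    alerts = []
    for rec in json.loads(log_text).get("Records", []):
        category = CATEGORY.get(rec.get("eventName"))
        if category is None or rec.get("eventSource") not in SOURCES:
            continue
        alerts.append({
            "category": category,
            "event": rec["eventName"],
            "time": rec.get("eventTime"),
            "actor": (rec.get("userIdentity") or {}).get("arn", "unknown"),
            "source_ip": rec.get("sourceIPAddress"),
            # errorCode is present when the call was rejected: nothing
            # changed, but the attempt itself is worth surfacing.
            "succeeded": "errorCode" not in rec,
        })
    return alerts

def _rec(source, name, user, ip, **extra):
    # Builds a constructed record; account ID, users and IPs are made up.
    return {"eventTime": "2014-01-01T12:00:00Z", "eventSource": source,
            "eventName": name, "sourceIPAddress": ip, **extra,
            "userIdentity": {"arn": "arn:aws:iam::111122223333:user/" + user}}

SAMPLE_LOG = json.dumps({"Records": [
    _rec("ec2.amazonaws.com", "AuthorizeSecurityGroupIngress", "alice", "203.0.113.10"),
    _rec("iam.amazonaws.com", "CreateUser", "bob", "198.51.100.7"),
    _rec("iam.amazonaws.com", "PutUserPolicy", "bob", "198.51.100.7", errorCode="AccessDenied"),
    _rec("ec2.amazonaws.com", "DescribeInstances", "alice", "203.0.113.10"),
]})
```

Calling `find_alerts(SAMPLE_LOG)` returns three alerts; the read-only `DescribeInstances` call is ignored and the denied `PutUserPolicy` is reported with `succeeded` set to `False`.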
Here is a screenshot of the alerts that Logentries provides out of the box:
And here’s a short video of Logentries in action:
Datadog and CloudTrail
Datadog is a cloud monitoring service for IT, operations and development teams who run applications at scale. Datadog allows users to quickly troubleshoot availability and performance issues by automatically correlating change events and performance metrics from AWS CloudTrail, AWS CloudWatch and many other sources.
Datadog can overlay CloudTrail logs with metrics collected from other systems to show how the metrics respond to AWS events. This allows you to investigate and understand cause-and-effect relationships.
Datadog can quickly find specific CloudTrail events and put them in context for you. You can collaborate with teammates using threaded discussions that are linked to CloudTrail logs: